I’ve followed the instructions (https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-device-code) to obtain access_token. I am trying to authenticate this access token against my ASP.NET Core 8.0 gRPC service with this code.
Program.cs:
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApi(builder.Configuration.GetSection("AzureAd"));
appsettings.json:
{
  ...
  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "TenantId": "9bee6d05-...",
    "ClientId": "edfcae4c-...",
    "Audience": "api://edfcae4c-...",
  },
  ...
}
The problem is that I’m always getting unauthenticated and receiving this error log. How can I fix the problem?
fail: Microsoft.IdentityModel.LoggingExtensions.IdentityLoggerAdapter[0]
IDX10511: Signature validation failed. Keys tried: 'Microsoft.IdentityModel.Tokens.X509SecurityKey, KeyId: 'KQ2tAcrE7lBaVVGBmc5FobgdJo4', InternalId: 'KQ2tAcrE7lBaVVGBmc5FobgdJo4'. , KeyId: KQ2tAcrE7lBaVVGBmc5FobgdJo4
'.
Number of keys in TokenValidationParameters: '0'.
Number of keys in Configuration: '10'.
Matched key was in 'Configuration'.
kid: 'KQ2tAcrE7lBaVVGBmc5FobgdJo4'.
Exceptions caught:
'[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
token: '[PII of type 'Microsoft.IdentityModel.JsonWebTokens.JsonWebToken' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'. See https://aka.ms/IDX10511 for details.
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[1]
Failed to validate the token.
Microsoft.IdentityModel.Tokens.SecurityTokenInvalidSignatureException: IDX10511: Signature validation failed. Keys tried: 'Microsoft.IdentityModel.Tokens.X509SecurityKey, KeyId: 'KQ2tAcrE7lBaVVGBmc5FobgdJo4', InternalId: 'KQ2tAcrE7lBaVVGBmc5FobgdJo4'. , KeyId: KQ2tAcrE7lBaVVGBmc5FobgdJo4
'.
Number of keys in TokenValidationParameters: '0'.
Number of keys in Configuration: '10'.
Matched key was in 'Configuration'.
kid: 'KQ2tAcrE7lBaVVGBmc5FobgdJo4'.
Exceptions caught:
'[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
token: '[PII of type 'Microsoft.IdentityModel.JsonWebTokens.JsonWebToken' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'. See https://aka.ms/IDX10511 for details.
at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ValidateSignature(JsonWebToken jwtToken, TokenValidationParameters validationParameters, BaseConfiguration configuration)
at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ValidateSignatureAndIssuerSecurityKey(JsonWebToken jsonWebToken, TokenValidationParameters validationParameters, BaseConfiguration configuration)
at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ValidateJWSAsync(JsonWebToken jsonWebToken, TokenValidationParameters validationParameters, BaseConfiguration configuration)
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[7]
Bearer was not authenticated. Failure message: IDX10511: Signature validation failed. Keys tried: 'Microsoft.IdentityModel.Tokens.X509SecurityKey, KeyId: 'KQ2tAcrE7lBaVVGBmc5FobgdJo4', InternalId: 'KQ2tAcrE7lBaVVGBmc5FobgdJo4'. , KeyId: KQ2tAcrE7lBaVVGBmc5FobgdJo4
'.
Number of keys in TokenValidationParameters: '0'.
Number of keys in Configuration: '10'.
Matched key was in 'Configuration'.
kid: 'KQ2tAcrE7lBaVVGBmc5FobgdJo4'.
Exceptions caught:
'[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
token: '[PII of type 'Microsoft.IdentityModel.JsonWebTokens.JsonWebToken' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'. See https://aka.ms/IDX10511 for details.
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[12]
AuthenticationScheme: Bearer was challenged.
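An added diagnostic example, not part of the original post: the log shows the token's `kid` matched a key in `Configuration`, so the key set loaded correctly and the next thing to inspect is the token's own header and claims against the `AzureAd` section. The sketch below decodes a token without verifying it and reports mismatches; the function names, the sample token and the placeholder ids are constructed for illustration, and treating both `Audience` and the bare `ClientId` as acceptable `aud` values is an assumption.

```python
import base64
import json

GRAPH_APP_ID = "00000003-0000-0000-c000-000000000046"  # Microsoft Graph resource id

def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def diagnose(token, azure_ad):
    """Inspect an UNVERIFIED token against the AzureAd section; return findings."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a compact JWS (expected header.payload.signature)"]
    try:
        header, claims = b64url_json(parts[0]), b64url_json(parts[1])
    except ValueError:
        return ["header or payload is not base64url-encoded JSON"]
    findings = []
    # Assumption: the API should accept the configured Audience or the bare ClientId.
    accepted = {azure_ad.get("Audience"), azure_ad.get("ClientId")} - {None}
    if claims.get("aud") not in accepted:
        findings.append(f"aud={claims.get('aud')!r} is not one of {sorted(accepted)}")
    if claims.get("aud") == GRAPH_APP_ID:
        findings.append("aud is Microsoft Graph: the token was issued for Graph, not this API")
    if claims.get("tid") != azure_ad.get("TenantId"):
        findings.append(f"tid={claims.get('tid')!r} differs from configured TenantId")
    if "nonce" in header:
        findings.append("JWT header has 'nonce': typical of tokens issued for Microsoft Graph")
    return findings

def make_token(header, claims):
    """Build a constructed sample token for the demo (the signature is a dummy)."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(claims)}.c2ln"

# Constructed sample values; the ids in the post are truncated, so placeholders stand in.
SAMPLE_CONFIG = {"TenantId": "tenant-placeholder", "ClientId": "client-placeholder",
                 "Audience": "api://client-placeholder"}

if __name__ == "__main__":
    graph_like = make_token({"alg": "RS256", "kid": "sample-kid", "nonce": "sample"},
                            {"aud": GRAPH_APP_ID, "tid": "tenant-placeholder"})
    for line in diagnose(graph_like, SAMPLE_CONFIG):
        print("-", line)
```

A token whose `aud` is not the API's own is fixed on the client side, by requesting a scope that the API's app registration exposes when starting the device code flow.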